Voice assistant devices could be more vulnerable than we think

Voice assistant devices could be more vulnerable than we think

While the undetected voice commands demonstrated by the researchers are harmless, it is easy how attackers can exploit the technique. Now a new study claims that Google Assistant, along with its rivals like Apple's Siri and Amazon's Alexa, could be vulnerable to sound commands that can't even be heard by humans. In doing so, you could essentially override the message the voice assistant is supposed to receive and substitute it with sounds that will be interpreted differently, thus giving the voice assistant a different command that would be virtually unrecognizable to the human ear.

These commands can be hidden in white noise played over loudspeakers or YouTube videos, as students from the University of California, Berkeley, and Georgetown University demonstrated two years ago.

"We wanted to see if we could make it even more stealthy", said UC Berkeley fifth-year computer security Ph.D. student Nicholas Carlini, one of the authors of the research that has been published online. Major smart speaker manufacturers like Amazon, Google and Apple say that they have safeguards in place to prevent their assistants from being hijacked. Apple points out that HomePod can't do things like open doors, while iPhones have to be unlocked to execute certain Siri commands.

While the commands may go unheard by humans, the low-frequency audio commands can be picked up, recovered and then interpreted by speech recognition systems. The idea was to get Android devices to read aloud the ingredients of the burger from the Whopper's Wikipedia page.

There is no U.S. law against broadcasting subliminal messages to humans, let alone machines. Like using a Cap'n Crunch whistle from a cereal box to trick payphones into giving free calls, this latest attack is simply the evolution of using a system against itself, and it will make digital assistants (like it did with telephones) more secure in the long run. For its part, the Federal Communications Commission (FCC) has discouraged the practice, calling it "counter to the public interest".

Dragon float in Disney parade catches fire
No word on what will happen to the dragon float, but I hope they fix it and continue with this parade. A dragon float was supposed to be breathing fire, but the dragon's head ended up engulfed in flames.

Researchers in China call the technique, "Dolphin Attack". The receiver must be close to the device, but a more powerful ultrasonic transmitter can help increase the effective range.

They were able to hide the command, "O.K. Google, browse to evil.com" in a recording of the spoken phrase, "Without the data set, the article is useless". During the Urabana-Champaign, they showed that though commands couldn't yet penetrate walls, they still had the potential to control smart devices through open windows in buildings.

They also embedded other commands into music clips.

You can hear the audio files on Carlini's website.

Related Articles

  • Google is making regular security patches mandatory for OEMs

    Google is making regular security patches mandatory for OEMs

    The AR experience will also be closely integrated with search rather than within Google Play or in-app advertisements. Android : Earlier this year, Google offered app developers (and adventurous fans) an early look at Android P .
    The Aston Martin DB11 AMR is your grand touring supercar

    The Aston Martin DB11 AMR is your grand touring supercar

    The V12 now generates 630 horsepower, 30 more than the outgoing DB11 V12, and 127 horsepower more than the V8-powered DB11. With the AMR, he added, "we felt the V12 could reveal more of its sporting potential, while remaining the consummate GT".
    Farah: What Wenger did for Arsenal is incredible

    Farah: What Wenger did for Arsenal is incredible

    He added: "The Champions League final [defeat to Barcelona] was 2006, 12 years ago". Not the most glamorous maybe, but the most hard ".
  • USA  cancer docs feel unprepared, but recommend marijuana anyway

    USA cancer docs feel unprepared, but recommend marijuana anyway

    Nearly 80% of the conversations were initiated by patients, as reported online in the Journal of Clinical Oncology ( JCO ). Among those who said they recommended marijuana, 56 percent said they did not have sufficient knowledge to do so.
    NASA Is Sending A Helicopter To Mars. That Is Not A Typo

    NASA Is Sending A Helicopter To Mars. That Is Not A Typo

    Plans are being laid for a 30-day flight test, with 5 flights going incrementally further each time, up to a few hundred yards. Not only will an aircraft be able to move around faster than rovers, it will also be able to reach areas they can not get to.
    Sridevi's death: SC dismisses filmmaker Sunil Singh's plea

    Sridevi's death: SC dismisses filmmaker Sunil Singh's plea

    According to Dubai-based Gulf News, the actor was under the influence of alcohol when she fell into the bathtub and drowned. Bollywood "Chandani" Sridevi died on Februray 24, 2018 in Dubai after accidentally drowning in her hotel bath-tub.
  • Canara Bank posts huge loss on bad loans

    Canara Bank posts huge loss on bad loans

    Its return on assets became negative at (-) 0.03 per cent at the end of March quarter as against 0.15 per cent in the year-ago. Gross NPAs jumped to Rs 47,468 crore as on March end 2018, up 18 per cent from Rs 40,312 crore in the December quarter.
    Wall Street rises with healthcare rally after Trump's speech

    Wall Street rises with healthcare rally after Trump's speech

    S&P 500 e-minis ESc1 were up 7 points, or 0.26 percent and Nasdaq 100 e-minis NQc1 were up 31.75 points, or 0.47 percent. Gains in banks and industrial companies were offset by losses in health care and consumer goods stocks.
    Royal wedding couple: You may now eat the bride

    Royal wedding couple: You may now eat the bride

    Meanwhile, to honor their former student, Immaculate Heart will have a tea party and royal wedding viewing on May 19 at 4 a.m. Turns out, Parisa actually has mutual friends with the couple, but she decided not to reach out during the filming process.
  • Charlotte Flair Set For Surgery After She Ruptured Her Breast Implant

    Charlotte Flair Set For Surgery After She Ruptured Her Breast Implant

    Word is that Flair suffered the injury before WrestleMania 34 but refused to miss her marquee match against then-undefeated Asuka. On Thursday night we reported that Charlotte Flair lost a tooth at a live event during the United Kingdom tour.
    Manchester United vs Watford: Why Micheal Carrick will start game - Mourinho

    Manchester United vs Watford: Why Micheal Carrick will start game - Mourinho

    They had made an impressive start to their season under Marco Silva, but it didn't last long due to multiple reasons. I know the style sometimes frustrates the fans but you can not argue with results.
    JK: Police personnel killed in terrorist attack

    JK: Police personnel killed in terrorist attack

    The slain jawan Sgct Shamim Ahmad No 834 Bd (EXK 981992) is a resident of Check Hanjan Yaripora Kulgam. Official sources told GNS that the youth was identified as Adil Farooq Mir of Galvanpora Budgam.